I am locking down our vpc and cluster in terms of ensuring no access to the internet and public endpoints, thus one of the things is the connection to the public endpoint for accessing googles apis so instead of accessing public, we should be accessing the private/restricted google api endpoint
I am using this module to create the dns, endpoint for private service connect and the endpoint seems to work, however, the actual routing/dns side doesn't work
So when I run this command from a VM on the VPC with this setup, I get this error:
curl -X GET -H "Authorization: Bearer $(gcloud auth print-access-token)" "https://storage-endpoint1.p.googleapis.com/storage/v1/b?project=$(gcloud config get-value project)"
curl: (6) Could not resolve host: storage-endpoint1.p.googleapis.com
To overcome this error, you can follow this blog by ET digital team which explains below 2 methods clearly.
As per the github link which you are following, can you cross check the below points:
Service Account running Terraform must have dns.managedZones.* permissions. You can add them by assigning the DNS Admin default role to the Service Account.
Did you recently upgrade your development environment or operating system? Is there a firewall which could be updated?
Workaround 1 : Try updating cURL and rebooting the server (update your /etc/resolv.conf file by replacing with default and restart your system).
Workaround 2 : Private Service Connect for DNS follows the naming convention, SERVICE-ENDPOINT.p.googleapis.com. Follow Codelabs Private Service Connect for Google APIs example authored by Deepak Michael for more information.